Katalog Plus
Bibliothek der Frankfurt UAS
Bald neuer Katalog: sichern Sie sich schon vorab Ihre persönlichen Merklisten im Nutzerkonto: Anleitung.
Dieses Ergebnis aus BASE kann Gästen nicht angezeigt werden.  Login für vollen Zugriff.

Automated knowledge-based cybersecurity risk assessment of cyber-physical systems

Title: Automated knowledge-based cybersecurity risk assessment of cyber-physical systems
Authors: Phillips, Stephen C.; Taylor, Steve; Boniface, Michael; Modafferi, Stefano; Surridge, Mike
Publication Year: 2024
Collection: University of Southampton: e-Prints Soton
Description: This paper describes a simulation-based approach for automated risk assessment of complex cyber-physical systems to support implementers of ISO 27005. The approach is based on systematic causeand-effect modelling of threats, their causes and effects, and the ways in which the effects of one threat can lead to other threats. In this way, the approach deals with inter-dependencies within the target system, automatically finding attack paths and secondary effect cascades, which generally are very complex and the source of many challenges when implementing ISO 27005. The approach uses a knowledgebase describing classes of system assets and their possible relationships, along with the associated threats, causes and effects in a generic context. A target system can then be modelled in terms of related assets, describing the intended system structure and purpose (in the absence of any deviations). The knowledgebase is then used to identify which threats are relevant and create a cause-and-effect simulation of those threats. This allows threat likelihoods and risk levels to be found based on input concerning trust assumptions and the presence of controls in the system. The approach has been implemented by the open source Spyderisk project and validated by modelling a published case study of an attack on a steel mill. Given reasonable assumptions about security controls in place, the shortest, highest likelihood attack path found coincides with the published analysis. The case study demonstrates the strengths of the approach: transparency, reproducibility, and performance.
Document Type: article in journal/newspaper
File Description: text
Language: English
Relation: https://eprints.soton.ac.uk/490296/1/paper15.pdf; https://eprints.soton.ac.uk/490296/2/Automated_Knowledge-Based_Cybersecurity_Risk_Assessment_of_Cyber-Physical_Systems.pdf; Phillips, Stephen C., Taylor, Steve, Boniface, Michael, Modafferi, Stefano and Surridge, Mike (2024) Automated knowledge-based cybersecurity risk assessment of cyber-physical systems. IEEE Access, 12, 82482-82505. (doi:10.1109/ACCESS.2024.3404264 ).
Availability: https://eprints.soton.ac.uk/490296/; https://eprints.soton.ac.uk/490296/1/paper15.pdf
Rights: accepted_manuscript ; cc_by_4
Accession Number: edsbas.669B7F3F
Database: BASE